Vulnerabilities are not slowing down. Some 15,038 new vulnerabilities were found in 2017, an increase in 53% from the 9,837 in 2016, according to Tenable's Vulnerability Intelligence Report: A Risk-Centric Approach to Prioritization released on Wednesday. Currently, 2018 is on track to reach 18,000-19,000 new vulnerabilities, said the report.
Tenable's research analyzed the prevalence of vulnerabilities based on the number of enterprises most affected in a single day, in an effort to give businesses insight into ongoing and active threats, said the report. Businesses must pay attention to vulnerability trends, as 61% of enterprise vulnerabilities were considered high severity.
SEE: Microsoft SharePoint: A guide for business professionals (Tech Pro Research)
An enterprise is locating an average of 870 common vulnerabilities and exposures (CVE) a day across 960 assets, indicating an incredibly high presence of risks across the board. But application vulnerabilities in particular are being targeted now more than ever, according to the report.
Between drive-by exploitation, cryptojacking, and phishing, cybercriminals use a slew of tactics to take advantage of application vulnerabilities, said the report. These vulnerabilities are typically discovered on end-user workstations and with clients, and as workforces become more distributed and mobile, companies must stay vigilant in assessing and fixing vulnerabilities, added the report.
In order to highlight the prevalence of application risks, Tenable found the top 20 application vulnerabilities in enterprise environments. And scarily enough, the most vulnerabilities were found in some of the most popular applications, according to the report. Out of the 20 application vulnerabilities, 50% were Adobe Flash and 20% were from Microsoft Office. Microsoft Office also stood out with the highest amount of high severity CVEs.
Here are the top 20 vulnerabilities found in the enterprise:
Based on this list, companies can hone in on the vulnerabilities that may affect their operations most. While almost all businesses do have a method for mitigating application vulnerabilities, according to the release, most aren't aware of the volume of vulnerabilities out there.
Check out this TechRepublic article for more information about specific vulnerabilities in web applications.
The big takeaways for tech leaders
- Application vulnerabilities have increased by 53% from 2016 to 2017. — Tenable, 2018
- Out of the top 20 application vulnerabilities, 50% were occupied by Adobe Flash and 20% were in Microsoft Office. — Tenable, 2018
- How to protect against 10 common browser threats (free PDF) (TechRepublic)
- Adobe patch update tackles six critical vulnerabilities in ColdFusion (ZDNet)
- Microsoft SharePoint: A cheat sheet (TechRepublic)
- Adobe sends out second wave of security updates for critical vulnerabilities (ZDNet)
- 100% of web applications vulnerable to attack, despite billions spent on security efforts (TechRepublic)
- How to beef up your Chrome and Firefox security in 2018 (Download.com)
Macy Bayern has nothing to disclose. She does not hold investments in the technology companies she covers.
Macy Bayern is an Associate Staff Writer for TechRepublic. A recent graduate from the University of Texas at Austin's Liberal Arts Honors Program, Macy covers tech news and trends.